Hi friends ,

We see a lot of shells and scripts that gets uploaded to the /wp-content/uploads directory. Generally these are shell scripts and other scripts that allow pretty much total control over your hosting filesystem and database.

A quick way to help protect against this is to put an .htaccess file in the /wp-content/uploads directory that contains the following code:

This will stop any PHP file from being executed in the uploads directory.

or for perl scripts

or for python

VERY few plugins ever use PHP files in the uploads directory and certainly shouldn’t be executing them there, so this is a very safe method to get one step closer to securing your WordPress installation.


Disable PHP Execution In WordPress Uploads Directory

Good luck ,